<?xml version="1.0" encoding="utf-8" ?>     <access-policy>      <cross-domain-access>        <policy>          <allow-from http-request-headers="*">             <domain uri="*" />           </allow-from>          <grant-to>            <resource path="/" include-subpaths="true" />           </grant-to>       </policy>     </cross-domain-access>  </access-policy>